Advanced Penetration Testing

Temple University

In The News

DROWN Vulnerability Still Unpatched by Most Cloud Services, SecurityWeek News – March 11, 2016

DROWN (Decrypting RSA with Obsolete and Weakened eNcryption) enables man-in-the-middle attackers to intercept, crack and modify encrypted traffic. DROWN enables attackers exploiting HTTPS servers still using the SSLv2 protocol to encrypt connections to gain access to the SSL secret encryption key, which may be reused within more secure TLS services running on the same machines (17% of HTTPS servers) as well as within HTTPS services running on additional servers (another 16% of HTTPS servers). The threat to SSL and TLS encryption is thought to affect 2.3 million HTTPS servers (1/4 of the top 1 million HTTPS domains, and 1/3 of all HTTPS websites). Cloud providers appear to be slow in patching the DROWN vulnerability.

http://www.securityweek.com/drown-vulnerability-still-unpatched-most-cloud-services

https://drownattack.com/

 

 

Week 10 in the news

http://www.zdnet.com/article/if-apple-can-help-china-it-can-help-us-us-doj/

The Department of Justice is saying that Apple has already complied with similar orders in the past, saying Apple dedicated staff and infrastructure to comply. The DOJ also combated the Apple argument that this would cause pressure from other countries by saying that the pressure is brought on by their decision to do business in those countries.

Week 10 – In The News

ISPs Sell Your Data to Advertisers, But FCC has a Plan to Protect Privacy

The Federal Communications Commission (FCC) has put forward a proposal that aims to protect Internet users’ privacy.
The proposal [pdf] will regulate the amount of customers’ online data the Internet Service Providers (ISPs) are able to collect and sell to the advertising companies.
Currently, there is no particular rule by law covering broadband providers and customer privacy, and if adopted, this would be the first privacy rule for ISPs.

Read more at: http://thehackernews.com/2016/03/isp-sells-data-to-advertisers.html

 

Week 10 in the news

“Hacker’s Typo Tipped Off Authorities on Billion-Dollar Heist”
A spelling mistake in an online bank transfer instruction helped prevent a nearly $1 billion heist last month involving the Bangladesh central bank and the New York Federal Reserve. Unknown hackers still managed to get away with about $80 million. The hackers breached Bangladesh Bank’s systems and stole its credentials for payment transfers. They then bombarded the Federal Reserve Bank of New York with nearly three dozen requests to move money from the Bangladesh Bank’s account there to entities in the Philippines and Sri Lanka. Hackers misspelled “foundation” in the NGO’s name as “fandation”, prompting a routing bank to seek clarification from the Bangladesh central bank.

For more information, please access the above article here.

Week 10 recent Cyber Security News…

In the Cyber Security News lately

DROWN attack risks millions of popular websites (as reported recently within eHackingNews.com on 3/3/16 and theHackerNews site on 3/1/2016)…
“An international team of researchers warned that more than 11 million websites and e-mail services protected by the transport layer security protocol are vulnerable to a new, low-cost attack that decrypts sensitive communications in a few hours. The DROWN attack works against TLS-protected communications that rely on the RSA cryptosystem when the key is exposed even indirectly through SSLv2, short for secure sockets layer version 2. The vulnerability allows everyone on the internet to browse the web, use e-mail, shop online and send instant messages without third-parties being able to read the communication. It allows attackers to break the encryption and read or steal sensitive communications, including passwords, credit card numbers, trade secrets, or financial data. Though a fix has been issued, it will take time for many of the website administrators to protect their systems. The researchers have released a tool that identifies websites that appear to be vulnerable.”

Week 9 Summary

In my past use of WireShark, you can use the tool as a passive sniffing tool to detect packets coming in and out of your network. You can also tailor your syntax to search for specific IP addresses, ports, and packets. Alternatives to WireShark are other sniffers such as tcpdump. It is recommended not to use WireShark while running with root privileges, since WireShark may have a buffer overflow vulnerability. Anyone who exploits your WireShark while you are sniffing, if you run with root privs, will gain root privs. Sniffing usually does not require one to run as root, but it is needed to be in promiscuous mode.

Article: Pentagon hosts a Hack the Pentagon Challenge to help find vulnerabilities.

http://www.foxnews.com/tech/2016/03/03/department-defense-to-test-its-cybersecurity-with-hack-pentagon-competition.html

Week 9 Summary, Question and Article

Summary:

Wireshark is a major OSINT tool for network packet analyzation; it captures data packets over the internet and presents them in an understandable format.

Wireshark is a multifaceted OSINT tool because it not only allows you to perform network troubleshooting, but also security operations and learning protocol internals.

It allows multi-protocol support, a user-friendly interface, and live trace analysis, among other benefits.

 

Question:

How does Wireshark compare to IBM Tivoli?

 

Article:

Seagate Phish Exposes All Employee W-2

Email scam artists last week tricked an employee at the data storage giant into giving away W-2 tax documents on all current and past employees. The W-2 forms contained employee Social Security numbers, salaries and other personal data.

Seagate is offering affected employees at least two years’ membership to Experian’s ProtectMyID service, paid for by the company.

Please see article for further details: http://krebsonsecurity.com/2016/03/seagate-phish-exposes-all-employee-w-2s/

Readings, In The News, and Question for class:

WireShark-Introduction: WireShark is an open source network packet capture, display and analysis tool that runs in many versions of Linux, UNIX, and Windows. It can be used to achieve many positive outcomes, including: troubleshooting network problems, examining security problems, debugging protocol implementations and learning the internal details and functioning of network protocols. It also can be used for nefarious purposes that breach the confidentiality of network data exchanges by observing the users as they interact with systems within intranets and across wide-area networks. Confidentiality breaches include: extracting usernames and passwords; identifying data stores, servers, services and applications; and determining how users access and use them directly and indirectly through browser-based screens, pages, applications and services.

WireShark-Using: This reading introduces how Wireshark works, including how to capture, view, filter, and analyze data packets exchanged over an IT network via a number of different computer, telephony, internet, and web data interchange protocols.

In The News: c|net, “Not in my house: Amazon’s unencrypted devices a sitting target, cybersecurity experts say”: The latest OS5 upgrade for the Amazon Fire tablet removes device encryption for the product line. Encryption for data in transit and data stored in the cloud is still protected, but personal or sensitive data stored on the Fire tablet will no longer be encrypted with the latest update. Amazon claims that their latest upgrade to the Fire’s OS removes features users did not take advantage of. OS5 ships with new devices, and the OS upgrade removes encryption existing in prior OS’s running on users’ Fire tablet devices. Industry watchers suggest removal of encryption was implemented to speed the OS.

http://www.cnet.com/news/not-in-my-house-amazons-unencrypted-devices-a-sitting-target-cybersecurity-experts-say/

Question for class: Is there a way to control the Kali Linux font and screen resolution to make Wireshark more usable?